Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-jdbc-commits-owner+archive@lists.postgresql.org>)
	id 1rKrm7-004rbb-T1
	for pgsql-jdbc-commits@arkaria.postgresql.org;
 Wed, 03 Jan 2024 03:18:36 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-jdbc-commits-owner+archive@lists.postgresql.org>)
	id 1rKrm5-002ocn-GH
	for pgsql-jdbc-commits@arkaria.postgresql.org;
 Wed, 03 Jan 2024 03:18:33 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <noreply@github.com>)
	id 1rKrm5-002ocf-8X
	for pgsql-jdbc-commits@lists.postgresql.org; Wed, 03 Jan 2024 03:18:33 +0000
Received: from out-23.smtp.github.com ([192.30.252.206])
	by makus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <noreply@github.com>)
	id 1rKrlx-00DTAO-U7
	for pgsql-jdbc-commits@lists.postgresql.org; Wed, 03 Jan 2024 03:18:31 +0000
Received: from github.com (hubbernetes-node-5559e63.ac4-iad.github.net
 [10.52.137.27])
	by smtp.github.com (Postfix) with ESMTPA id BD5D45E04BB
	for <pgsql-jdbc-commits@lists.postgresql.org>;
 Tue,  2 Jan 2024 19:18:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com;
	s=pf2023; t=1704251903;
	bh=/zNGvABPm8Kp0B6NRXAf6QUwA8eE7o8NrbVkJfV8fBE=;
	h=Date:From:To:Subject:From;
	b=HcRnJb+4US4RCQ9//rMtTXrQPB7J5bA4ljwHWaGVREspENeCNTajjkHeeYFv4DQ4E
	 fCw6wK7V2iqsK1CaXYvkKkDblbhudT+/0agKBNLqOiDIjs9pd7pgbZXA2cAaRDGVYG
	 ADshahfv3k+DXHuclnrWA1Xqapf20CaZahlsmZtI=
Date: Tue, 02 Jan 2024 19:18:23 -0800
From: Sehrope Sarkuni <noreply@github.com>
To: pgsql-jdbc-commits@lists.postgresql.org
Message-ID: <pgjdbc/pgjdbc/push/refs/heads/master/0b0f4c-f24921@github.com>
Subject: [pgjdbc/pgjdbc] eae5e6: feat: Add PasswordUtil and
 PGConnection.alterUserP...
Mime-Version: 1.0
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit
Approved: 58GruLoMopuc
X-GitHub-Recipient-Address: pgsql-jdbc-commits@lists.postgresql.org
X-Auto-Response-Suppress: All
List-Id: <pgsql-jdbc-commits.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-jdbc-commits@lists.postgresql.org>
List-Owner: <mailto:pgsql-jdbc-commits-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-jdbc-commits>
Archived-At: 
 <https://www.postgresql.org/message-id/pgjdbc/pgjdbc/push/refs/heads/master/0b0f4c-f24921%40github.com>
Precedence: bulk

  Branch: refs/heads/master
  Home:   https://github.com/pgjdbc/pgjdbc
  Commit: eae5e613641be1cb9aba13f454ae5fc63f8ed55a
      https://github.com/pgjdbc/pgjdbc/commit/eae5e613641be1cb9aba13f454ae5fc63f8ed55a
  Author: Sehrope Sarkuni <sehrope@jackdb.com>
  Date:   2024-01-02 (Tue, 02 Jan 2024)

  Changed paths:
    M CHANGELOG.md
    M pgjdbc/src/main/java/org/postgresql/PGConnection.java
    M pgjdbc/src/main/java/org/postgresql/util/MD5Digest.java
    A pgjdbc/src/main/java/org/postgresql/util/PasswordUtil.java
    A pgjdbc/src/test/java/org/postgresql/test/util/PasswordUtilTest.java
    M pgjdbc/src/testFixtures/java/org/postgresql/test/TestUtil.java

  Log Message:
  -----------
  feat: Add PasswordUtil and PGConnection.alterUserPassword(...) for encrypting passwords client side

Add a PasswordUtil helper that provides methods for encoding a given password client
side so that it may be used for ALTER USER and CREATE USER statement without sending
the plaintext password over the wire.

Also adds a helper to PGConnection that generates the ALTER USER command necessary to
update a user's password and executes it.

The helpers default to encoding the password using SCRAM-SHA-256 if used directly or using the
server's default password_encryption setting if used via the PGConnection helper.

Co-authored-by: Sehrope Sarkuni <sehrope@jackdb.com>
Co-authored-by: Dave Cramer <davecramer@gmail.com>


  Commit: f2492112e9ba2f72df417e456742df51533852f0
      https://github.com/pgjdbc/pgjdbc/commit/f2492112e9ba2f72df417e456742df51533852f0
  Author: Sehrope Sarkuni <sehrope@jackdb.com>
  Date:   2024-01-02 (Tue, 02 Jan 2024)

  Changed paths:
    M .github/workflows/matrix.js

  Log Message:
  -----------
  test: Force use of /dev/urandom in CI as source for java.security.egd

Force use of /dev/urandom as the source of entropy for the internal state of the secure
RNG by setting java.security.egd. This is needed to prevent a poorly configured runner
from draining its entropy by using the default of /dev/random. This is not needed on
modern kernels as they do not block after boot. However it may be required for older
kernels that will otherwise refuse to return back random bits unless they think they
have enough tracked entropy in /dev/random. Specifically, this corrects an issue with
one of the hosted CI runners that was hanging fetching bytes from SecureRandom.


Compare: https://github.com/pgjdbc/pgjdbc/compare/0b0f4ce6ed89...f2492112e9ba